Davide Ferraris

@article{surveyIoTrust2023,

title = {A Survey on IoT Trust Model Frameworks},

author = {Davide Ferraris and Carmen Fernandez-Gago and Rodrigo Roman and Javier Lopez},

url = {/wp-content/papers/surveyIoTrust2023.pdf},

doi = {10.1007/s11227-023-05765-4},

year  = {2023},

date = {2023-11-17},

urldate = {2023-11-17},

journal = {The Journal of Supercomputing},

abstract = {Trust can be considered as a multidisciplinary concept, which is strongly related to the context and it falls in different fields such as Philosophy, Psychology or Computer Science. Trust is fundamental in every relationship, because without it, an entity will not interact with other entities. This aspect is very important especially in the Internet of Things (IoT), where many entities produced by different vendors and created for different purposes have to interact among them through the internet often under uncertainty. Trust can overcome this uncertainty, creating a strong basis to ease the process of interaction among these entities. We believe that considering trust in the IoT is fundamental, and in order to implement it in any IoT entity, it is fundamental to consider it through the whole System Development Life Cycle. In this paper, we propose an analysis of different works that consider trust for the IoT. We will focus especially on the analysis of frameworks that have been developed in order to include trust in the IoT. We will make a classification of them providing a set of parameters that we believe are fundamental in order to properly consider trust in the IoT. Thus, we will identify important aspects to be taken into consideration when developing frameworks that implement trust in the IoT, finding gaps and proposing possible solutions.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{ferraris2020b,

title = {A model-driven approach to ensure trust in the IoT},

author = {Davide Ferraris and Carmen Fernandez-Gago and Javier Lopez},

url = {/wp-content/papers/ferraris2020b.pdf},

doi = {10.1186/s13673-020-00257-3},

issn = {2192-1962},

year  = {2020},

date = {2020-12-01},

urldate = {2020-12-01},

journal = {Human-centric Computing and Information Sciences},

volume = {10},

number = {50},

publisher = {Springer},

abstract = {The Internet of Things (IoT) is a paradigm that permits smart entities to be interconnected anywhere and anyhow. IoT opens new opportunities but also rises new issues. 

In this dynamic environment, trust is useful to mitigate these issues. In fact, it is important that the smart entities could know and trust the other smart entities in order to collaborate with them. 

So far, there is a lack of research when considering trust through the whole System Development Life Cycle (SDLC) of a smart IoT entity. 

In this paper, we suggest a new approach that considers trust not only at the end of the SDLC but also at the start of it. More precisely, we explore the modeling phase proposing a model-driven approach extending UML and SysML considering trust and its related domains, such as security and privacy. 

We propose stereotypes for each diagram in order to give developers a way to represent trust elements in an effective way. 

Moreover, we propose two new diagrams that are very important for the IoT: a traceability diagram and a context diagram. 

This model-driven approach will help developers to model the smart IoT entities according to the requirements elicited in the previous phases of the SDLC. 

These models will be a fundamental input for the following and final phases of the SDLC.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{ferraris2020,

title = {A Trust Model for Popular Smart Home Devices},

author = {Davide Ferraris and Daniel Bastos and Carmen Fernandez-Gago and Fadi El-Moussa},

url = {/wp-content/papers/ferraris2020.pdf

https://link.springer.com/article/10.1007/s10207-020-00519-2},

doi = {10.1007/s10207-020-00519-2},

issn = {1615-5262},

year  = {2020},

date = {2020-01-01},

urldate = {2020-01-01},

journal = {International Journal of Information Security},

publisher = {Springer},

abstract = {Nowadays, smart home devices like Amazon Echo and Google Home have reached mainstream popularity. 

Being in the homes of users, these devices are intrinsically intrusive, being able to access details such as users’ name, gender, home address, calendar appointments and others. 

There are growing concerns about indiscriminate data collection and invasion of user privacy in smart home devices, but studies show that perceived benefits are exceeding perceived risks when it comes to consumers. 

As a result, consumers are placing a lot of trust in these devices, sometimes without realizing it. 

Improper trust assumptions and security controls can lead to unauthorized access and control of the devices, which can result in serious consequences. 

In this paper, we explore the behaviour of devices such as Amazon Echo and Google Home in a smart home setting with respect to trust relationships and propose a trust model to improve these relationships among all the involved actors. 

We have evaluated how trust was built and managed from the initial set up phase to the normal operation phase, during which we performed a number of interaction tests with different types of users (i.e. owner, guests). 

As a result, we were able to assess the effectiveness of the provided security controls and identify potential relevant security issues. In order to address the identified issues, we defined a trust model and propose a solution based on it for further securing smart home systems.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

@article{ferraris2019,

title = {TrUStAPIS: A Trust Requirements Elicitation Method for IoT},

author = {Davide Ferraris and Carmen Fernandez-Gago},

url = {/wp-content/papers/ferraris2019.pdf

https://link.springer.com/article/10.1007%2Fs10207-019-00438-x},

doi = {10.1007/s10207-019-00438-x},

issn = {1615-5262},

year  = {2019},

date = {2019-01-01},

urldate = {2019-01-01},

journal = {International Journal of Information Security},

pages = {111-127},

publisher = {Springer},

abstract = {The Internet of Things (IoT) is an environment of interconnected entities, which are identifiable, usable and controllable via the Internet. Trust is useful for a system such as the IoT as the entities involved would like to know how the other entities they have to interact with are going to perform. 

When developing an IoT entity, it will be desirable to guarantee trust during its whole life cycle. Trust domain is strongly dependent on other domains such as security and privacy. 

To consider these domains as a whole and to elicit the right requirements since the first phases of the System Development Life Cycle (SDLC) is a key point when developing an IoT entity. 

This paper presents a requirements elicitation method focusing on trust plus other domains such as security, privacy and usability that increase the trust level of the IoT entity developed. To help the developers to elicit the requirements, we propose a JavaScript Notation Object (JSON) template containing all the key elements that must be taken into consideration. 

We emphasize on the importance of the concept of traceability. This property permits to connect all the elicited requirements guaranteeing more control on the whole requirements engineering process.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}